-
Notifications
You must be signed in to change notification settings - Fork 232
Query parameter that contains code=
will cause SecureRoute to render nothing
#924
Comments
Thanks for the submission. We are aware of this issue and are working on a fix. See comments here for a possible workaround: okta/okta-auth-js#474 (comment) (the authClient is exposed as a property "_oktaAuth" in the okta-react sdk) |
@aarongranick-okta Either I applied the workaround incorrectly, or the workaround does not seem to help. Any other ideas? I had to get to the authClient with the hook. Here is the basic idea of how I tried to apply your suggestion:
and the new component:
also, If you would prefer, we can close this issue and continue the discussion in okta/okta-auth-js#474, just let me know. |
@veswill3 The workaround looks correct. It's possible it may be running into a separate issue: #921 which may cause multiple instances of the "authService" to be created. Try creating the We are working on fixing both of these issues, but I think this workaround should do the trick in the short-term. |
@aarongranick-okta Unfortunately going that route does not seem to help either. I do get an error immediately however:
Could it be related to my specific setup? Does it work for you if you try to implement the workaround in the example above? |
@veswill3 The error is being thrown here: https://github.com/okta/okta-auth-js/blob/3.2/packages/okta-auth-js/lib/token.js#L550 I see that patching |
like this?
This does seem to resolve our issue. I will experiment with our full application to make sure, and track the issue for a future resolution. |
@veswill3 Yes, exactly. I'm glad it is working for you! For a SPA application, there should be no negative effect of using the hash instead of the query. |
internal ref: OKTA-331632 related issue in okta-auth-js: okta/okta-auth-js#474 |
I'm submitting this issue for the package(s):
I'm submitting a:
Current behavior
hard linking (deep link, using an anchor element) into the app with a query parameter that ends with
code=
seems to break the app and nothing inside of aSecureRoute
will render, even after navigating to new routes. Soft linking around with react router usually works, but will also break sometimes.Expected behavior
query parameters should not cause SecureRoutes to render nothing.
Minimal reproduction of the problem with instructions
install okta-react 3.0.7, then use this as your react application
First click around the soft links and notice that it (probably) seems to work as expected, where the bottom will show first, second, third etc. You should be able to click around the insecure routes, the secure routes, and it all looks good.
Now click one of the hard links that has
code=
somewhere in the query parameters. Now nothing will show for the secure routes. the insecure routes will still show as you navigate to them, but the secure route will never render anything again until you refresh the page or click another "hard" link.Note: I have seen even the soft links trigger this issue occasionally with some auth sdk error, but it is hard to reproduce.
Extra information about the use case/user story you are trying to implement
Our current use case is processing payments, where we navigate away to enter payment information, and they send the user back to our application with a bunch of query params that indicate success and failure, and why. One of those query parameters is
request_code=xxx
which causes our application to fail.Environment
node -v
): 12.16.3The text was updated successfully, but these errors were encountered: